This was an exploit form back in ie6. It is present in all version up to 8. mshtml.dll once again has a major issue that allows remote sites to take over your machine. If you are running ie6, ie7, or ie8 you are vulnerable. HOWEVER if you have DEP turned on for ie 7 or 8 then the threat is reduced but not eliminated. This is also why you NEVER surf on a server. Frankly I am going to extend Microsoft’s advice. Raise ALL security levels to high except trusted sites…leave it at medium(for windows updates) then never launch IE again. I am being dead serious.
VIDEO OF EXPLOIT IN ACTION. Blow the video up to full screen then watch for a list that shows up at around 1 minute. Notice how notepad is running nicely. At around 1 minute 50 seconds the “hacker” issues a kill command followed by a number. That number is the notepad. watch as notepad goes boom..no warning..no notifications. This person has full control of your system..all because of a badly designed OS and browser. Notice the users on the right. Those are system processes..processes even the administrator does not have direct access to. I have said it over and over having a web browser tied so closely to the kernel is a bad idea. As long as IE exists in it’s current form Windows will NEVER be remotely secure.
Here’s the backstory. Apparently some Chinese folks(possibly the gov’t) started using this unknown security hole in IE to start trying to get into various activists that are opposed to the vast range of Chinese gov’t controls. They targeted Google because this is where these targeted activists had their mail. Google detected this activity and began a backtrace. They found out that multiple large companies had also been attacked using this issue. The story is continuing to unfold. The only fix available right now is to put all of your IE settings up to high. This has the effect of making IE unusable on the internet.
My recommendation: Use either google chrome or firefox. Don’t bother with IE anymore…at all. There’s so many links with full information I am not going to embed them into this post. The list follows.
*UPDATE* there are quite a few programs that idiotically use IE to operate. Now various exploit writers and researchers are hitting these as well. Many other programs are now falling over after being hit either with IE exploits or ones similar that are now being found in a rash of other software.
Google’s Initial Response disclosure of what was targeted and revelations of other companies hit
Microsoft’s confirmation and advisory.
(This list will continue to grow)
Mcafee has multiple postings:
*UPDATE* Itworld has much the same opinion of IE as I have had for a long time.